head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.24 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.22 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.20 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.18 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.5.0.16 pkgsrc-2009Q4-base:1.5 pkgsrc-2008Q4:1.5.0.14 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.12 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.10 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.8 pkgsrc-2008Q2-base:1.5 pkgsrc-2008Q1:1.5.0.6 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.4 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.2 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.4.0.8 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.6 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.4 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.2 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.3.0.4 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.2 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.1.0.4 pkgsrc-2005Q4-base:1.1 pkgsrc-2005Q3:1.1.0.2 pkgsrc-2005Q3-base:1.1; locks; strict; comment @# @; 1.5 date 2007.08.17.20.25.33; author joerg; state dead; branches; next 1.4; 1.4 date 2006.09.16.15.29.36; author hira; state Exp; branches; next 1.3; 1.3 date 2006.03.20.21.34.59; author joerg; state Exp; branches; next 1.2; 1.2 date 2006.01.18.23.53.06; author xtraeme; state dead; branches; next 1.1; 1.1 date 2005.09.18.19.33.42; author xtraeme; state Exp; branches; next ; desc @@ 1.5 log @To quote Johnny Lam: "In modular-xorg we trust" Remove xorg 6.9 packages from pkgsrc. @ text @$NetBSD: patch-bm,v 1.4 2006/09/16 15:29:36 hira Exp $ --- programs/Xserver/hw/xfree86/common/xf86Init.c.orig 2006-03-17 23:30:10.000000000 +0200 +++ programs/Xserver/hw/xfree86/common/xf86Init.c 2006-03-17 23:29:35.000000000 +0200 @@@@ -1376,7 +1376,7 @@@@ } /* First the options that are only allowed for root */ - if (getuid() == 0 || geteuid != 0) + if (getuid() == 0 || geteuid() != 0) { if (!strcmp(argv[i], "-modulepath")) { @@@@ -1679,7 +1679,7 @@@@ } if (!strcmp(argv[i], "-configure")) { - if (getuid() != 0 && geteuid == 0) { + if (getuid() != 0 && geteuid() == 0) { ErrorF("The '-configure' option can only be used by root.\n"); exit(1); } @ 1.4 log @Add missing RCS Id. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Fix CVE-2006-0745: Comparing the address of geteuid and 0 to detect whether the server was started by non-root is not likely to ever work. This could allow a local user to override system files or run arbitrary code. Patch from the original advisory. Bump revision of xorg-server. @ text @d1 2 @ 1.2 log @Update meta-pkgs/xorg to 6.9.0. The full list of changes: http://ftp.x.org/pub/X11R7.0/doc/html/RELNOTES2.html Thanks to joerg@@ and reed@@ for testing on DragonFlyBSD. Tested on NetBSD/i386 3.0/-current and DragonFlyBSD-1.4/i386. @ text @d1 3 a3 46 $NetBSD: patch-bm,v 1.1 2005/09/18 19:33:42 xtraeme Exp $ Single patch to fix CAN-2005-2495. --- programs/Xserver/afb/afbpixmap.c.orig Fri Apr 23 20:59:39 2004 +++ programs/Xserver/afb/afbpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -73,10 +73,14 @@@@ int depth; { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; paddedWidth = BitmapBytePad(width); + + if (paddedWidth > 32767 || height > 32767 || depth > 4) + return NullPixmap; + datasize = height * paddedWidth * depth; pPixmap = AllocatePixmap(pScreen, datasize); if (!pPixmap) --- programs/Xserver/cfb/cfbpixmap.c.orig Fri Apr 23 21:00:12 2004 +++ programs/Xserver/cfb/cfbpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -70,10 +70,13 @@@@ int depth; { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; paddedWidth = PixmapBytePad(width, depth); + + if (paddedWidth / 4 > 32767 || height > 32767) + return NullPixmap; datasize = height * paddedWidth; pPixmap = AllocatePixmap(pScreen, datasize); if (!pPixmap) --- programs/Xserver/dix/dispatch.c.orig Mon Dec 13 02:23:05 2004 +++ programs/Xserver/dix/dispatch.c Sun Sep 18 04:56:02 2005 @@@@ -1506,6 +1506,23 @@@@ client->errorValue = 0; return BadValue; d5 6 a10 18 + if (stuff->width > 32767 || stuff->height > 32767) + { + /* It is allowed to try and allocate a pixmap which is larger than + * 32767 in either dimension. However, all of the framebuffer code + * is buggy and does not reliably draw to such big pixmaps, basically + * because the Region data structure operates with signed shorts + * for the rectangles in it. + * + * Furthermore, several places in the X server computes the + * size in bytes of the pixmap and tries to store it in an + * integer. This integer can overflow and cause the allocated size + * to be much smaller. + * + * So, such big pixmaps are rejected here with a BadAlloc + */ + return BadAlloc; + } if (stuff->depth != 1) d12 9 a20 121 pDepth = pDraw->pScreen->allowedDepths; --- programs/Xserver/dix/pixmap.c.orig Fri Apr 23 21:04:44 2004 +++ programs/Xserver/dix/pixmap.c Sun Sep 18 04:56:02 2005 @@@@ -126,6 +126,9 @@@@ unsigned size; int i; + if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize) + return NullPixmap; + pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize); if (!pPixmap) return NullPixmap; --- programs/Xserver/fb/fbpixmap.c.orig Mon Aug 9 05:40:50 2004 +++ programs/Xserver/fb/fbpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -32,12 +32,14 @@@@ fbCreatePixmapBpp (ScreenPtr pScreen, int width, int height, int depth, int bpp) { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; int adjust; int base; paddedWidth = ((width * bpp + FB_MASK) >> FB_SHIFT) * sizeof (FbBits); + if (paddedWidth / 4 > 32767 || height > 32767) + return NullPixmap; datasize = height * paddedWidth; #ifdef PIXPRIV base = pScreen->totalPixmapSize; --- programs/Xserver/hw/xfree86/xaa/xaaInit.c.orig Fri Jul 30 22:30:56 2004 +++ programs/Xserver/hw/xfree86/xaa/xaaInit.c Sun Sep 18 04:56:02 2005 @@@@ -498,6 +498,9 @@@@ XAAPixmapPtr pPriv; PixmapPtr pPix = NULL; int size = w * h; + + if (w > 32767 || h > 32767) + return NullPixmap; if (!infoRec->offscreenDepthsInitialized) XAAInitializeOffscreenDepths (pScreen); --- programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c.orig Fri Apr 23 21:54:17 2004 +++ programs/Xserver/hw/xfree86/xf4bpp/ppcPixmap.c Sun Sep 18 04:56:02 2005 @@@@ -85,7 +85,7 @@@@ int depth ; { register PixmapPtr pPixmap = (PixmapPtr)NULL; - int size ; + size_t size ; TRACE(("xf4bppCreatePixmap(pScreen=0x%x, width=%d, height=%d, depth=%d)\n", pScreen, width, height, depth)) ; @@@@ -93,6 +93,10 @@@@ return (PixmapPtr) NULL ; size = PixmapBytePad(width, depth); + + if (size / 4 > 32767 || height > 32767) + return (PixmapPtr) NULL ; + pPixmap = AllocatePixmap (pScreen, (height * size)); if ( !pPixmap ) --- programs/Xserver/ilbm/ilbmpixmap.c.orig Fri Apr 23 21:54:22 2004 +++ programs/Xserver/ilbm/ilbmpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -75,10 +75,12 @@@@ int depth; { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; paddedWidth = BitmapBytePad(width); + if (paddedWidth > 32767 || height > 32767 || depth > 4) + return NullPixmap; datasize = height * paddedWidth * depth; pPixmap = AllocatePixmap(pScreen, datasize); if (!pPixmap) --- programs/Xserver/iplan2p4/iplpixmap.c.orig Fri Apr 23 21:54:24 2004 +++ programs/Xserver/iplan2p4/iplpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -74,12 +74,14 @@@@ int depth; { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; int ipad=INTER_PLANES*2 - 1; paddedWidth = PixmapBytePad(width, depth); paddedWidth = (paddedWidth + ipad) & ~ipad; + if (paddedWidth / 4 > 32767 || height > 32767) + return NullPixmap; datasize = height * paddedWidth; pPixmap = AllocatePixmap(pScreen, datasize); if (!pPixmap) --- programs/Xserver/mfb/mfbpixmap.c.orig Fri Nov 14 17:48:57 2003 +++ programs/Xserver/mfb/mfbpixmap.c Sun Sep 18 04:56:02 2005 @@@@ -72,12 +72,14 @@@@ int depth; { PixmapPtr pPixmap; - int datasize; - int paddedWidth; + size_t datasize; + size_t paddedWidth; if (depth != 1) return NullPixmap; paddedWidth = BitmapBytePad(width); + if (paddedWidth / 4 > 32767 || height > 32767) + return NullPixmap; datasize = height * paddedWidth; pPixmap = AllocatePixmap(pScreen, datasize); if (!pPixmap) @ 1.1 log @Apply patch from FreeBSD ports to fix CAN-2005-2495. Bump BUILDLINK_RECOMMENDED and PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @